
Viewing changes to mandos

  • Committer: Teddy Hogeborn
  • Date: 2009-01-31 10:33:17 UTC
  • mfrom: (24.1.129 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20090131103317-wzqvyr532sjcjt7u
Merge from Björn:

* mandos-ctl: New option "--remove-client".  Only default to listing
              clients if no clients were given on the command line.
* plugins.d/mandos-client.c: Lower kernel log level while bringing up
                             network interface.  New option "--delay"
                             to control the maximum delay to wait for
                             running interface.
* plugins.d/mandos-client.xml (SYNOPSIS, OPTIONS): New option
                                                   "--delay".

595
595
        != gnutls.library.constants.GNUTLS_CRT_OPENPGP):
596
596
        # ...do the normal thing
597
597
        return session.peer_certificate
598
 
    list_size = ctypes.c_uint()
 
598
    list_size = ctypes.c_uint(1)
599
599
    cert_list = (gnutls.library.functions
600
600
                 .gnutls_certificate_get_peers
601
601
                 (session._c_object, ctypes.byref(list_size)))
 
602
    if not bool(cert_list) and list_size.value != 0:
 
603
        raise gnutls.errors.GNUTLSError("error getting peer"
 
604
                                        " certificate")
602
605
    if list_size.value == 0:
603
606
        return None
604
607
    cert = cert_list[0]
688
691
            # Do not run session.bye() here: the session is not
689
692
            # established.  Just abandon the request.
690
693
            return
 
694
        logger.debug(u"Handshake succeeded")
691
695
        try:
692
696
            fpr = fingerprint(peer_certificate(session))
693
697
        except (TypeError, gnutls.errors.GNUTLSError), error:
695
699
            session.bye()
696
700
            return
697
701
        logger.debug(u"Fingerprint: %s", fpr)
 
702
        
698
703
        for c in self.server.clients:
699
704
            if c.fingerprint == fpr:
700
705
                client = c
786
791
 
787
792
def string_to_delta(interval):
788
793
    """Parse a string and return a datetime.timedelta
789
 
 
 
794
    
790
795
    >>> string_to_delta('7d')
791
796
    datetime.timedelta(7)
792
797
    >>> string_to_delta('60s')
941
946
    server_config.read(os.path.join(options.configdir, "mandos.conf"))
942
947
    # Convert the SafeConfigParser object to a dict
943
948
    server_settings = server_config.defaults()
944
 
    # Use getboolean on the boolean config options
945
 
    server_settings["debug"] = (server_config.getboolean
946
 
                                ("DEFAULT", "debug"))
947
 
    server_settings["use_dbus"] = (server_config.getboolean
948
 
                                   ("DEFAULT", "use_dbus"))
 
949
    # Use the appropriate methods on the non-string config options
 
950
    server_settings["debug"] = server_config.getboolean("DEFAULT",
 
951
                                                        "debug")
 
952
    server_settings["use_dbus"] = server_config.getboolean("DEFAULT",
 
953
                                                           "use_dbus")
 
954
    if server_settings["port"]:
 
955
        server_settings["port"] = server_config.getint("DEFAULT",
 
956
                                                       "port")
949
957
    del server_config
950
958
    
951
959
    # Override the settings from the config file with command line
962
970
    # For convenience
963
971
    debug = server_settings["debug"]
964
972
    use_dbus = server_settings["use_dbus"]
 
973
 
 
974
    def sigsegvhandler(signum, frame):
 
975
        raise RuntimeError('Segmentation fault')
965
976
    
966
977
    if not debug:
967
978
        syslogger.setLevel(logging.WARNING)
968
979
        console.setLevel(logging.WARNING)
 
980
    else:
 
981
        signal.signal(signal.SIGSEGV, sigsegvhandler)
969
982
    
970
983
    if server_settings["servicename"] != "Mandos":
971
984
        syslogger.setFormatter(logging.Formatter
1010
1023
                uid = 65534
1011
1024
                gid = 65534
1012
1025
    try:
 
1026
        os.setgid(gid)
1013
1027
        os.setuid(uid)
1014
 
        os.setgid(gid)
1015
1028
    except OSError, error:
1016
1029
        if error[0] != errno.EPERM:
1017
1030
            raise error
1018
1031
    
 
1032
    # Enable all possible GnuTLS debugging
 
1033
    if debug:
 
1034
        # "Use a log level over 10 to enable all debugging options."
 
1035
        # - GnuTLS manual
 
1036
        gnutls.library.functions.gnutls_global_set_log_level(11)
 
1037
        
 
1038
        @gnutls.library.types.gnutls_log_func
 
1039
        def debug_gnutls(level, string):
 
1040
            logger.debug("GnuTLS: %s", string[:-1])
 
1041
        
 
1042
        (gnutls.library.functions
 
1043
         .gnutls_global_set_log_function(debug_gnutls))
 
1044
    
1019
1045
    global service
1020
1046
    service = AvahiService(name = server_settings["servicename"],
1021
1047
                           servicetype = "_mandos._tcp", )
1110
1136
            
1111
1137
            @dbus.service.method(_interface, out_signature="ao")
1112
1138
            def GetAllClients(self):
 
1139
                "D-Bus method"
1113
1140
                return dbus.Array(c.dbus_object_path for c in clients)
1114
1141
            
1115
1142
            @dbus.service.method(_interface, out_signature="a{oa{sv}}")
1116
1143
            def GetAllClientsWithProperties(self):
 
1144
                "D-Bus method"
1117
1145
                return dbus.Dictionary(
1118
1146
                    ((c.dbus_object_path, c.GetAllProperties())
1119
1147
                     for c in clients),
1121
1149
            
1122
1150
            @dbus.service.method(_interface, in_signature="o")
1123
1151
            def RemoveClient(self, object_path):
 
1152
                "D-Bus method"
1124
1153
                for c in clients:
1125
1154
                    if c.dbus_object_path == object_path:
1126
1155
                        clients.remove(c)
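Review bot: The privilege drop at new lines 1025–1030 never clears the supplementary group list in the lines shown, so a server started as root would keep root's supplementary groups after `os.setgid(gid)` and `os.setuid(uid)` succeed. Unless it already happens outside the visible lines, add `os.setgroups([])` immediately before `os.setgid(gid)` inside the same `try`; when the process is not root it fails with `EPERM`, which the existing handler already tolerates. That handler also ignores `EPERM` silently, so a drop that did not happen leaves no trace; a `logger.warning(u"Failed to drop privileges: %s", error)` in that branch would let an operator see that the server is still running under its start-up identity. The enclosing function starts and ends outside the hunk.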